
Dream Network

Hi, all. I've just been given the opportunity to design the kind of network dreams are made of. First I'll give you a heads-up of what the network is going to consist of, and then some ideas I had for it. There is a budget, but it's high enough that it's not even worth mentioning at this point. A lot of you are obviously really into networking equipment, having set up large business and enterprise-sized networks. Most of what I have done is small businesses where cost is the main determining factor, so this is something I need some help with.

Specifications:

The business is a corporate training company. The offices will be spread across two buildings. The first building will have 18 computers on the first floor, and 12 computers on the second floor. The second building will be about 250 meters away, across what will become a parking lot. Since the lot is not laid down yet, we'll be able to pull cabling between the two buildings. The company already has a host for its web site, so I don't need to worry about a web server, but their database server has to be offline, while all workstations need to be online. Although currently quite small, the two buildings are being designed for significant expansion (up to a total of about 450 workstations across the buildings). The business also owns all of the surrounding lots, so they may end up moving out over the next 10 or so years, so I want to make sure it's set up right from the start. Speed and security are the two main concerns for the network. EDIT: By the way, they're planning on pulling in a T3 line for Internet connectivity.

My Ideas:

First off, the business requires Windows 2000 and XP Pro workstations, so I'm going with Windows 2003-based servers for the database server and the domain server. I'm also (obviously) going with an Ethernet network. Since speed is an issue, I was thinking of going with 1 Gbps connections to each of the workstations with a 10 Gbps backbone for the servers and between the two buildings. For the connection between the buildings, I was looking into pulling fiber with Ethernet to Fiber (EoF) adapters connecting the two subnetworks. I'm considering also setting up an 802.11g wireless network for the trainers to use their laptops during presentations, but I may drop that if it turns out they won't be using laptops (I'm still waiting on confirmation of that). Either way, that's something I can always add later.

Based on that, can you guys give me any advice on what hardware you'd recommend? I'm leaning towards Cisco equipment, but I don't know much about high-end Cisco equipment, so any help you can offer is greatly appreciated.

I made 3 possible similar options based on three or more vendors: Cisco, Extreme, Nortel, 3com

The company I drew network layouts for this summer chose Extreme Networks,
going with Extreme layer 3 switches (BlackDiamond Core Switch),
using completely redundant connections between floors, buildings and servers.
The floor to floor connections: double multi mode fiber. The same for the building interconnections.

All fibers doubled over switches and buildings; this means that when core switch 1 in building 1 fails (almost impossible because it has a redundant power module, redundant management module, redundant fabric module) core 2 takes over. So you need more than two cables between buildings.

From those core switches it goes through redundant gigabit (10gb?) connections to Extreme Summit Layer 2 switches, from there 10/100 to workstations and 1000 to servers.

The logical layout is based on a central Firewall idea. This is one of the new trends in the security field. It has some advantages but also some minor points. For instance all traffic passes the firewall. (could slow down network traffic)
The setup we used is a Nokia redundant firewall with checkpoint; they are configured as master and slave, but can also be configured as master/slave with load balancing (this requires a more expensive licensing from checkpoint). This firewall is connected to several subnets. One of them is the access network, which is the network where all Cisco routers to and from the outside are located (homeworkers, internet - this passes a webcache cluster and extra firewall/gateway too). Also client networks, server networks and DMZ are connected to this firewall, making almost all traffic being monitored. This reduces your single point of failure to the firewall solution, and that's a redundant one.

I would say ->

Cisco routers for incoming traffic
2x Extreme Blackdiamond core switches layer 3 with all redundant modules (6800 series) or Alpine if you see it really very very big.
Fiber connections between floors and buildings
4x Extreme Summit switches 48i (gives you 96 ports for every floor) or gigabit solution:
Blackdiamond with gigabit module. http://www.extremenetworks.com/libra...roducts/bd.asp

Cisco is definitely the way to go. I don't know about M$ for a database server though, lol. Unless you want to lose data or not access it, lol. Check out www.mysql.com for a rock solid database in Linux. I'm pretty sure that this website uses MySQL for its backend database.

To network the two buildings, I'd go with a wireless & VPN solution. Wireless would allow the company to save the cost of wiring the whole place, VPN would keep out prying eyes. This is the way that a lot of companies are doing things now. It gives freedom for employees with laptops, and security for the network itself.

Take a look at the videos on www.cisco.com and look at their wireless and vpn solutions.

Adven: This is too big a project for me to try to give specifics on since we don't know each other etc. But I'll throw out a few general things to think about and I hope they help you.

1. Unless your budget allows you to hire high priced help for everything you don't know well then stick to what you know or the time to implement goes up exponentially.

2. If you are dragging fibre across the parking lot have the contractor pull three fibres for every one you need. If one fails it's $20k+ to rip up the parking lot to replace it. If you have alternatives in place it's a switch from one to another. If the whole parking lot blows up never mind... you were screwed anyway.....

3. In a training environment have a standard image that is pushed to every training PC every night so that when the customers come in in the morning you have a standard load in place.

4. If they may move, (or move one building and not the other), in the future point out the cost of laying new fibre etc. If they plan to expand into new buildings make sure you set up so you can without changing the base infrastructure you have created.

These aren't hardware suggestions but they are important to show that you have considered. You do your customer/employer, (not to mention yourself), a big favor if you show that you have their fiscal best interests in mind while you "geek your way to stardom"...

Good Luck.

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

As for advice, I can't say I've done something that extensive (yet), but from what I have done
(private high school, ~120 hosts in all):

I've used Cisco for the core device (more precisely a cat 3550 24pt EMI (layer3 switch)); it made sense to me to spend a little more on the core device and I had read good reviews on the 3550 (close to wirespeed level 3 switching...).

That being said, when it came time for access/distrib devices, I opted for HP ProCurve 5308xl. Reasons for that were:
a) price! (almost a third of what a Cisco would have cost)
b) the ProCurve 5300xl offers almost all (if not all) the features the corresponding Cisco would have
c) (not the biggest concern but still) limited lifetime warranty (whereas Cisco's is like 6 months (!) then you have to buy support contracts...)

These are linked together with 65nm multimode fiber, with SC gbic/mini-gbic adapters (1 gbps).

We had cat 6 wiring laid to the hosts served by the 5300xl although we only do 100Mbps fastethernet on them: these hosts are just traditional office workstations and don't need the bandwidth, and as such, giving them gigabit access would have cost more and made it easier for a single host to overwhelm the backbone, without any really noticeable improvement for the end users.

We also have some previous networking that remained as is in computer labs (it's a high school): stacked dlink 3624i/3624, 2 for each lab (36 hosts). Both labs are linked with 2 100mbps cat 5 in etherchannel to the cat3550.

Like I said however, this is a much smaller scale than your project, and money was/is a concern. As such, right now I don't have any redundancy at the network level. Hopefully we'll get a little more funding eventually to add that.

All workstations are 2k/XP, with 2k server with AD (should upgrade to 2k3 soon).
AD and group policies are wonderful for controlling students' desktops (and even for personnel).

Misc. servers (firewall, proxy, web, mail...) run openbsd in a dmz.

That's pretty much it. Probably doesn't exactly fit your situation but maybe it can inspire you in some way!

Originally posted here by PuReExcTacy:

I don't know about M$ for a database server though, lol. Unless you want to lose data or not access it, lol. Check out www.mysql.com for a rock solid database in Linux. I'm pretty sure that this website uses MySQL for its backend database.

MySQL is great for some applications, but it isn't a panacea:
for one, it doesn't even enforce ACID, or strong referential integrity... (As far as I've heard of last).
So while it can be great for powering websites, it might not do so well for critical apps. As far as open source DBMS, PostgreSQL is a better match for MSSQL (which isn't that bad actually), Oracle and others...

1. Fiber doesn't ever run into problems unless it's twisted wrong, or cut. If you have a concern that someone might accidentally cut one of the ends, you can just have 2 pairs of fiber cables run. If you would rather not worry about it right now, and if they cut the fiber, someone would just have to come out and re-run the fiber through the conduit. You won't have to tear up the parking lot.

2. Usually a company looks at expanding as needed, not going b@lls out with the best equipment unless they have a crap load of $$$ to spend on their network.

Ok now a recommendation

1. Definitely run fiber between the two buildings.

2. Cisco equipment is always a great buy. They make Cisco 3550 switches with 12 ports and 24 ports. I would purchase 2 Cisco 3550s for the 2 story office building. I would also run fiber between the two floors. The 3550s come with 2 fiber ports. If you purchase this don't forget to purchase GBIC modules to put into the switch to enable fiber. You'll need 4: 1 for the 2nd floor, 2 for the first floor and 1 for the other building.

1b. Another option to prevent stacking multiple switches if they grow is to look at the 4003 and 4006 switches. They are much more $$ though.

3. As far as a router goes, get a Cisco 7206VXR with a NPE-300. It comes with 1 FE on the I/O controller.

4. Have they thought about security??? You might also want to suggest installing a Firewall. I grew up on Cisco, so I'm a big fan. The Pix 515 would work well with 64mb ram.

I see a lot of good ideas, and yes I'd say go with fiber, but also remember, it's a light beam, and the two buildings don't seem so far apart. You may run into problems this way and need a shield/shade for the light inside the wires. Fiber is great but when it's too close the light will burn too brightly and the trans won't know what's going on because the lights will be too bright to tell what signal it's using.

If money is not a problem I guess Windows is ok, but why the hell not go for Solaris? I mean 2k3 is ok but why not get something good?

Instead of a T3, why not go for an OC? Oh, and are they hiring? Being the admin of a network with no real cost problems is a dream.

"When in doubt, use Brute Force."

Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

If you didn't want to run cables underneath the concrete, you could always do wireless. You could use microwave to run your network to the other building.

I can't find the site right now, but when I was looking, I saw a company offering line of sight network at 540mbps Full Duplex gigabit. You could always do that, so then you don't have to worry about someone cutting your cables.

Here's another thing that might interest you

Free Space Optics

What is FSO?

Free-Space Optics (FSO) is a line-of-sight technology that uses lasers to provide optical bandwidth connections. Currently, FSO is capable of up to 2.5 Gbps of data, voice and video communications through the air, allowing optical connectivity without requiring fiber-optic cable or securing spectrum licenses. FSO requires light, which can be focused by using either light emitting diodes (LEDs) or lasers (light amplification by stimulated emission of radiation). The use of lasers is a simple concept similar to optical transmissions using fiber-optic cables; the only difference is the medium. Light travels through air faster than it does through glass, so it is fair to classify FSO as optical communications at the speed of light.

FSO technology is relatively simple. It's based on connectivity between FSO units, each consisting of an optical transceiver with a laser transmitter and a receiver to provide full duplex (bi-directional) capability. Each FSO unit uses a high-power optical source (i.e. laser), plus a lens that transmits light through the atmosphere to another lens receiving the information. The receiving lens connects to a high-sensitivity receiver via optical fiber. FSO technology requires no spectrum licensing. FSO is easily upgradeable, and its open interfaces support equipment from a variety of vendors, which helps service providers protect their investment in embedded telecommunications infrastructures.

Originally posted here by mandraketux:

I see a lot of good ideas, and yes I'd say go with fiber, but also remember, it's a light beam, and the two buildings don't seem so far apart. You may run into problems this way and need a shield/shade for the light inside the wires. Fiber is great but when it's too close the light will burn too brightly and the trans won't know what's going on because the lights will be too bright to tell what signal it's using.

WTF dude? Do you have any idea how a fiberoptic cable works or even looks like? What you say doesn't even make sense.

If money is not a problem I guess Windows is ok, but why the hell not go for Solaris? I mean 2k3 is ok but why not get something good?

Solaris might be nice for app servers, but when it comes to serving and managing multiple workstations 2k/2k3 with AD is hard to beat. Besides, the clients must be Windows as this is a requirement for the project, so Solaris doesn't make much sense here.